Note: RoboForm clients (Windows, Mac, browser extension) must be version 9.5.7 or higher for SSO integration to be available.
Okta SSO
RoboForm Single Sign-On (SSO) integration allows users to be signed into RoboForm automatically without needing to use a Master Password. Instead, the user is redirected to the Okta authentication portal, where they verify their identity through Okta.
This article covers how to enable SSO integration through Okta. Additional documentation from Okta's help center may be useful as a reference during this process and can be found here.
Integrate RoboForm with Okta
1) Sign in to your Okta management console. The URL of this console will be unique to your company. From the console, navigate to Applications.
2) From the Applications page, click Create App Integration.
3) Set the Sign-in method to OIDC and set the Application type to Single-Page Application, then click Next.
4) Set the App integration name, then click Add URI. The Sign-In redirect URI tells Okta at what address it can reach RoboForm once authentication has been completed. Each of the following URIs must be entered separately; each represents one of the portals a user may access RoboForm through.
http://localhost:42019/oidc-callback
http://localhost:42020/oidc-callback
http://localhost:42021/oidc-callback
https://pnlccmojcmeohlpggmfnbbiapkmbliob.chromiumapp.org/oidc-callback
https://ljfpcifpgbbchoddpjefaipoiigpdmag.chromiumapp.org/oidc-callback
https://online.roboform.com/oidc-callback
chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob
chrome-extension://ljfpcifpgbbchoddpjefaipoiigpdmag
5) At the bottom of the App Integration menu, use the Assignments section to set which users will be given access to use SSO with RoboForm. Once the assignments are set, click Save.
6) Navigate to the Profile Editor.
7) Select and open the User (default) profile.
8) From the Profile Editor, click Add Attribute.
9) Set the Display name and Variable name to roboformKey and set the User permissions to Read-Write. Then click Save at the bottom of the menu.
Note: The user permissions must be set to Read-Write, but it is critical that users do not edit this attribute. Make it clear in the attribute's name that it should not be edited, and inform your users that it must not be edited.
10) Navigate back to Applications and open the previously created RoboForm application.
11) Select the Okta API Scopes tab.
At the bottom of the page, find the okta.users.manage.self scope and click Grant.
12) Navigate back to the General tab and copy the Client ID to a notepad file for use later.
13) Copy the highlighted portion of your unique Okta URL to a notepad file for later use.
14) Add the string '.well-known/openid-configuration' to the end of the previously copied URL. The completed URL should look like this:
https://dev-18309272-admin.okta.com/.well-known/openid-configuration
15) In a new tab, open the RoboForm for Business administrator console and navigate to Integrations.
16) Select Okta, open the Single Sign-On tab, paste the previously copied Application ID (the Client ID from step 12) and OIDC Metadata URL into their respective fields, and click Next.
17) Set which users will have SSO enabled:
No one - This option will complete the SSO integration but will not activate it for any users.
All Users and Groups - This option will enable SSO for all users in the company.
Selected Groups - This option will enable SSO for users in specified groups.
This setting can be changed after the setup is complete.
When ready, click Activate SSO Integration. This opens a prompt for final confirmation to complete RoboForm's integration with Okta.
SSO integration has now been configured for Okta. All users that this functionality has been assigned to can begin signing into RoboForm using SSO.
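Before pasting the OIDC Metadata URL in step 16, it can be checked that the URL built in steps 13 and 14 serves a consistent discovery document. The following is an added example, not RoboForm or Okta code; it assumes the Single-Page Application uses the authorization code flow with PKCE, and the example.okta.com org and the sample document are constructed placeholders.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

WELL_KNOWN = "/.well-known/openid-configuration"

def metadata_url(okta_url):
    """Step 14: append the well-known path to the copied Okta URL (host only)."""
    parts = urlsplit(okta_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Okta URL must be an https:// URL")
    return f"https://{parts.netloc}{WELL_KNOWN}"

def check_discovery(doc, url):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    issuer = str(doc.get("issuer", ""))
    # OIDC Discovery: the issuer must be the URL the document was fetched
    # from, minus the well-known suffix. A mismatch usually means the wrong
    # URL was copied.
    if issuer.rstrip("/") + WELL_KNOWN != url:
        problems.append(f"issuer {issuer!r} does not match {url}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(str(doc.get(key, ""))).scheme != "https":
            problems.append(f"{key} is missing or not https")
    # Assumption: the Single-Page Application uses authorization code + PKCE.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        problems.append("PKCE S256 not advertised")
    return problems

def fetch_and_check(okta_url):
    """Live check; needs network access to your Okta org."""
    url = metadata_url(okta_url)
    with urlopen(url, timeout=10) as resp:
        return check_discovery(json.load(resp), url)

# Constructed sample document for a placeholder org, not real Okta output.
SAMPLE_URL = metadata_url("https://example.okta.com/")
SAMPLE_DOC = {
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token"],
    "code_challenge_methods_supported": ["S256"],
}

if __name__ == "__main__":
    print(check_discovery(SAMPLE_DOC, SAMPLE_URL) or "metadata looks consistent")
```

To check a real org, call fetch_and_check with the URL copied in step 13; an empty list means no problems were found.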